Configure IKE2 site to site vpn between cisco router and fortigate

Dears,
I have an FG 100D and I need to create an IPsec site-to-site VPN using IKEv2. The FG has a static IP, but the Cisco router has a dynamic IP.
Is this configuration achievable?


Regards;
Mohammed
Mohammed Umer Asked:
arnold Commented:
Yes, that would mean the Cisco has to initiate the VPN connection.
The setting on the FortiGate cannot require a WAN IP, meaning the site-to-site VPN is open to all, provided they have the LAN-to-LAN settings and the pre-shared key and group rules.
To keep the VPN active, you have to have activity/ping from the Cisco side...

Cisco
Peer ID fortigate wan
Cisco Local LAN
Fortigate Remote LAN

Fortigate
From any source
Fortigate local LAN
Cisco remote LAN

Then match the settings for encapsulating/encryption and group 1,2,3 768,1024,etc
Key lifetime, and refresher...

Set the parameters on one side, in your case the fortigate, then match it in the Cisco VPN setup...

Cisco has several examples of Cisco to fortigate as well as fortigate has examples of VPNs to Cisco.
Garry Glendown, Consulting and Network/Security Specialist, Commented:
As Arnold already wrote, the Cisco router will need to initiate the connection. Setting it up is typically pretty easy; depending on the OS version on the FortiGate, the Wizard will make it even easier (though you may want or need to change to custom VPN once you have run through the Wizard). Cisco has a lot of manual steps of course, with configuring the phase 1/phase 2 parameters, crypto maps, etc. Typically the setup shouldn't take more than 15-30 minutes with anybody who knows both systems.

Here are some links that could help:
http://cookbook.fortinet.com/ipsec-vpn-forticlient/ - Fortinet end
http://www.petenetlive.com/KB/Article/0000933 - one sample setup, for Cisco/Cisco VPN, but most settings are usable for your case
noci, Software Engineer, Commented:
Instead of an IP peer ID, try the so-called DNS name (doesn't need to exist) or email format (also not required to exist), but both should be the same on both sides. This makes it feasible to have multiple pre-shared keys for multiple roaming VPNs.
(Unless cisco cannot handle those ..., not sure about a possible setting there).
noci, Software Engineer, Commented:
Solutions as well as additions have been provided.
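
A sketch of both ends of the setup discussed in this thread, added here as an example and not taken from any of the posts or from vendor documentation: the FortiGate accepts a dynamic (dial-up) IKEv2 peer but only one presenting the agreed FQDN peer ID, and the Cisco router initiates using that ID. The addresses, object names, peer ID and proposal (AES-256/SHA-256/group 14) are constructed placeholders, and exact syntax varies with the FortiOS and IOS versions in use.

```text
# --- FortiGate (static WAN 203.0.113.10, LAN 10.1.0.0/24) ---
config vpn ipsec phase1-interface
    edit "to-cisco"
        set type dynamic                  # peer address unknown: accept from any source
        set interface "wan1"
        set ike-version 2
        set peertype one                  # ...but only a peer presenting this ID
        set peerid "branch1.vpn.example"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-cisco-p2"
        set phase1name "to-cisco"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end

! --- Cisco IOS (dynamic WAN, LAN 10.2.0.0/24), the initiator ---
crypto ikev2 proposal FGT-PROP
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 policy FGT-POL
 proposal FGT-PROP
crypto ikev2 keyring FGT-KEYS
 peer FORTIGATE
  address 203.0.113.10
  pre-shared-key <pre-shared-key>
crypto ikev2 profile FGT-PROF
 match identity remote address 203.0.113.10 255.255.255.255
 identity local fqdn branch1.vpn.example
 authentication local pre-share
 authentication remote pre-share
 keyring local FGT-KEYS
crypto ipsec transform-set FGT-TS esp-aes 256 esp-sha256-hmac
ip access-list extended VPN-TO-FGT
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map FGT-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set FGT-TS
 set ikev2-profile FGT-PROF
 set pfs group14
 match address VPN-TO-FGT
```

The crypto map still has to be applied to the router's WAN interface, and the FortiGate needs firewall policies and a route for the tunnel interface.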